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Before JEAN R. HOMERE, JAY P. LUCAS, and THU A. DANG, 

Administrative Patent Judges. 

HOMERE, Administrative Patent Judge. 

DECISION ON APPEAL 
I. STATEMENT OF CASE 
Appellants appeal under 35 U.S.C. § 134 from the Examiner's twice 
rejection of claims 1 through 5 and 7 through 21. Claim 6 has been 
canceled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 



^ Filed on March 15, 2004. The real party in interest is Microsoft Corp. 
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The Invention 

According to Appellants, the invention relates to a virtual private 
network (VPN) enrollment protocol gateway implemented as a registration 
authority that operates as an intermediary between a router and a certificate 
authority. The router communicates with the registration authority as if it 
were the certificate authority, not realizing that it is communicating with an 
intermediary. Particularly, as depicted in Figure 1 , the protocol gateway 
(118) receives a router enrollment request from the router (110-114). The 
protocol gateway (118) decrypts the request, adds an alterative subject name 
to the request, digitally signs the request, and forwards the signed request to 
the certificate authority (116). Then, the certificate authority (116) 
determines whether to trust the source of the request (the protocol gateway), 
and proceeds to respond with the requested certificate if it verifies that the 
gateway can be trusted. The gateway receives the requested certificate, 
encrypts and digitally signs a response including the certificate, and returns 
the signed and encrypted response to the router. (Spec, p. 2, 1. 20 through p. 
3,1. 13.) 

Representative Claim 
Independent claim 1 fiirther illustrates the invention. It reads as 

follows: 
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1. A method, implemented in a registration authority, comprising: 

receiving a request, from a requestor, for a password to be used by a 
device when communicating with the registration authority operating as a 
protocol gateway between the device and a certificate authority; 

authenticating the requestor; 
generating the password; 

adding the password to a password table; and 

returning the password to the requestor for use by the device. 

Prior Art Relied Upon 

The Examiner relies on the following prior art as evidence of 
unpatentability: 

Colvin US 6,044,471 Mar. 28, 2000 

Mikurak US 6,606,744 Bl Aug. 12, 2003 

Andersson US 6,931,016 Bl Aug. 16, 2005 

Rejections on Appeal 
The Examiner rejects the claims on appeal as follows: 

A. Claims 1 through 5, and 7 through 20 stand rejected under 35 
U.S.C. § 103 (a) as being unpatentable over the combination of Colvin and 
Mikurak. 

B. Claim 21 stands rejected under 35 U.S.C. § 103 (a) as being 
unpatentable over the combination of Colvin, Mikurak and Andersson. 
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Appellants ' Contentions 
Appellants argue that the combination of Colvin and Mikurak does 
not teach a registration authority operating as a protocol gateway between a 
requesting device and certificate authority, as recited in independent claim 1 . 
(App. Br. 8-10, Reply Br. 2-4.) Particularly, Appellants argue that while 
Mikurak discusses internet gateways, registration authority and certificate 
authority, they are described as separate devices. (M) According to 
Appellants, these separate disclosures of Mikurak do not suggest the 
inclusion of the functionality of an Internet gateway in the registration 
authority to thereby communicate with the certificate authority on behalf of 
the user. (M) 

Examiner 's Findings 
In response, the Examiner finds that the claimed registration authority 
operates as a protocol gateway only when it is communicating with a 
requesting device. The Examiner thus, finds that the claimed operation as a 
gateway is a conditional limitation, which is not required when the 
registration system is not communicating with the requesting device. (Ans. 
7-8.) Therefore, the Examiner finds that Mikurak' s disclosure of a 
registration authority that interfaces with a certificate authority on behalf of 
the user combined with Mikurak' s disclosure that gateways are known to 
establish communication between different networks teach the claimed 
limitation. (Id.) Consequently, the Examiner concludes that the combination 
of Colvin and Mikurak renders claim 1 unpatentable. (Id.) 
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II. Issue 
The pivotal issue before us is whether Appellants have shown that the 
Examiner erred in concluding that one of ordinary skill would have found 
sufficient rationale to combine Colvin and Mikurak's teachings to yield a 
registration authority that operates as a protocol gateway between a 
requesting device and a certificate authority, when the requesting device is 
communicating with the registration authority, as recited in independent 
claim 1 . We answer this inquiry in the negative. 

III. FINDINGS OF FACT 

The following findings of fact (FF) are supported by a preponderance 
of the evidence. 

Colvin 

1 . Colvin discloses a method and system for reducing 
unauthorized use of a software by associating a series of passwords thereto. 
(Abstract.) Particularly, as depicted in Figure 1, Colvin discloses a 
password administrator (24) that provides one or more passwords and 
authorization codes to a user (30) or a group of users (32) based on received 
registration information obtained with the user's request to thereby 
determine to what extent, if any, the user can be authorized to use the 
software. (Col. 4, 11. 6-42.) 
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Mikurak 

2. Mikurak discloses a collaborative installation management in a 
network-based supply chain environment wherein phone calls and other 
multimedia data issued by users are routed through a network system for 
transferring information across the Internet. (Col. 2, 11. 53-65.) Particularly, 
Mikurak uses Internet gateways and routers to provide necessary links 
between different networks thereby making connections possible between 
them. (Col. 67,11. 15-25.) 

3 a. Further, as shown in Figure 116, Mikurak discloses a secured 
VPN wherein remote users implement a VPN module on their firewall. 
(Col. 269, 11. 46-56.) 

3b. Particularly, a user issues a digital certificate request to a 
registration authority (RA) that processes and forwards the request to a 
central corporate headquarter that maintains a certificate Authority (CA) 
integrated in an LDAP server. (Col. 269, 11. 57-65.) 

3c. The CA authenticates the user, and administers a digital 
certificate to the user to subsequently permit the user to access a desired 
software. {Id) 
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Anders son 

4. Andersson discloses a VPN management system wherein each 
VPN has an identification code, and authentication data for each router 
including encryption keys and passwords that are compared with security 
data in a database upon receiving a user's request to access the database. 
(Col. 4, 11. 1-26.) 

IV. PRINCIPLES OF LAW 

OBVIOUSNESS 

Appellants have the burden on appeal to the Board to demonstrate 

error in the Examiner's position. See In re Kahn, 441 F.3d 977, 985-86 

(Fed. Cir. 2006) ("On appeal to the Board, an applicant can overcome a 

rejection [under § 103] by showing insufficient evidence of prima facie 

obviousness or by rebutting the prima facie case with evidence of secondary 

indicia of nonobviousness.") (quoting /« reRouffet, 149 F.3d 1350, 1355 

(Fed. Cir. 1998)). 

Section 103 forbids issuance of a patent when 'the differences 
between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in 
the art to which said subject matter pertains.' 

KSRInt'l Co. V. Teleflexlnc, 111 S. Ct. 1727, 1734 (2007). 
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The question of obviousness is resolved on the basis of underlying 
factual determinations including (1) the scope and content of the prior art, 
(2) any differences between the claimed subject matter and the prior art, (3) 
the level of skill in the art, and (4) wherein evidence, so-called secondary 
considerations. Graham v. John Deere Co., 383 U.S. 1, 17-18 (1966). See 
also KSR, 111 S. Ct. at 1734 ("While the sequence of these questions might 
be reordered in any particular case, the [Graham] factors continue to define 
the inquiry that controls.") 

"The combination of familiar elements according to known methods 
is likely to be obvious when it does no more than yield predictable results." 
Leapfrog Enter., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1161 (Fed. Cir. 
2007) {quoimg KSR Int'lv. Teleflex, Inc., Ill S. Ct. 1727, 1739 (2007)). 
"One of the ways in which a patent's subject matter can be proved obvious is 
by noting that there existed at the time of invention a known problem for 
which there was an obvious solution encompassed by the patent's claims." 
KSR, 127 S. Ct. at 1742. 

The reasoning given as support for the conclusion of obviousness can 
be based on interrelated teachings of multiple patents, the effects of demands 
known to the design community or present in the marketplace, and the 
background knowledge possessed by a person having ordinary skill in the 
art. KSR, 121 S. Ct. at 1740-41. See also Dystar Textilfarben GmbH & Co. 
Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1368 (Fed. Cir. 2007). 
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V. ANALYSIS 

As detailed in the Findings of Fact section above, Colvin teaches a 
system having a password administrator that processes a user's request for a 
password along with the user's registration information to determine to what 
extent, if any, the user can be authorized to access a desired software. (FF. 
1.) Further, Mikurak teaches a VPN wherein a user submits a digital 
certificate request to a registration authority, which forwards the request to a 
certificate authority to retrieve the desired certificate, and thereby providing 
the user access to a corresponding software. (FF. 3a-3c.) Additionally, 
Mikurak teaches that Gateways are well-known in the art as a tool for 
establishing communication between different networks. (FF. 2.) One of 
ordinary skilled in the art would readily recognize that Mikurak' s 
registration authority, by submitting the user's digital certificate request to 
the certificate authority, is serving as a communication proxy for the user. 
Stated differently, the registration authority is operating as an intermediate 
communication device linking the user and the certificate authority. The 
ordinarily skilled artisan would have thus recognized that such an 
intermediate communication device could be implemented as a gateway, 
which is well-known for its ability to establish communication between 
different devices of a network or different networks. 

We agree with the Examiner that the registration device is not 
required to satisfy the claimed limitation. We find that the clause "to be 
used by a device when communicating with the registration authority 
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operating as a protocol gateway between the device and the certificate 
authority" is statement of intended use, which is not entitled to any 
patentable weight. We find nonetheless that Mikurak's disclosure teaches 
the limitation encompassed in that clause. Particularly, we find that Mikurak 
does suggest to the ordinarily skilled artisan to use the registration authority 
as an intermediate communication device, such as a protocol gateway, 
linking the user and the certificate authority. The ordinarily skilled artisan 
would have thus recognized that Colvin and Mikurak disclose prior art 
elements that perform their ordinary functions to predictably result in a 
system that allows a registration authority to operate as a protocol gateway 
between an authorized user and a certificate authority to thereby determine 
to what extent the user can access a desired software on a server. We 
therefore agree with the Examiner that the combination of Colvin and 
Mikurak is proper. It follows that Appellants have not shown that the 
Examiner erred in concluding that the combination of Colvin and Mikurak 
renders independent claim 1 unpatentable. 

Appellants do not separately argue claims 1 through 5 and 7 through 
20. Therefore, we select independent claim 1 as being representative of the 
cited claims. Consequently, claims 2 through 5 and 7 through 20 fall 
together with representative claim 1. 37 C.F.R. § 41.37(c)(l)(vii). 
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Regarding claim 21, Appellants argue that Andersson does not cure 
the deficiencies of the Colvin-Mikurak combination, (App. Br. 11-13, Reply 
Br. 4.) As discussed above, we find no such deficiencies in the cited 
combination for Andersson to remedy. Further, Appellants argue that the 
Colvin-Mikurak- Andersson combination does not teach comparing a 
received password with an existing password to authenticate the device. (Id.) 
We do not agree. As detailed in the Findings of Fact section above, Colvin 
discloses a password administrator that reviews a user's registration 
information to authenticate the user. (FF. 1.) Further, Andersson discloses a 
VPN system that compares the VPN password with security data in a 
database upon receiving a request fi-om a user to access the database. (FF. 4.) 
One of ordinary skill would have recognized that Colvin, Mikurak, and 
Andersson disclose prior art elements that perfonn their ordinary flinctions 
to predictably result in a system that allows an authenticated user to access a 
database upon finding a match between the user's authentication data and 
security data stored in the database. It follows that Appellants have not 
shown that the Examiner erred in concluding that the combination of Colvin, 
Mikurak and Andersson renders claim independent claim 21 unpatentable. 

VI. CONCLUSIONS OF LAW 
Appellants have not shown that the Examiner erred in concluding that 

the combination of Colvin and Mikurak renders claims 1 through 5 and 7 
through 20 unpatentable under 35 U.S.C. § 103 (a). Similarly, Appellants 
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have not shown that the Examiner erred in concluding that the combination 
of Colvin, Mikurak and Andersson renders claim 21 unpatentable under 
35 U.S.C. § 103 (a) 

VII. DECISION 

We affirm the Examiner's decision rejecting claims 1 through 5 and 7 
through 21 as being unpatentable under 35 U.S.C. § 103(a) . 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 

AFFIRMED 
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